3.5

CVE-2012-1987

EPSS 0.76%
Veröffentlicht 29.05.2012 20:55:07
Zuletzt bearbeitet 20.11.2025 18:53:47
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 22

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Puppet ≫ Puppet Version >= 2.6.0 < 2.6.15

Puppet ≫ Puppet Version >= 2.7.0 < 2.7.13

Puppet ≫ Puppet Enterprise Version >= 1.0 < 2.5.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.76%	0.726

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:N/A:P

https://hermes.opensuse.org/messages/15087408

Broken Link

http://secunia.com/advisories/48743

Vendor Advisory

Broken Link

http://secunia.com/advisories/48748

Vendor Advisory

Broken Link

http://secunia.com/advisories/48789

Vendor Advisory

Broken Link

http://ubuntu.com/usn/usn-1419-1

Third Party Advisory

http://www.debian.org/security/2012/dsa-2451

Third Party Advisory

Mailing List

http://www.securityfocus.com/bid/52975

Broken Link

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html

Broken Link

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html

Broken Link

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html

Broken Link

http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15

Broken Link

http://secunia.com/advisories/49136

Vendor Advisory

Broken Link

https://exchange.xforce.ibmcloud.com/vulnerabilities/74794

Third Party Advisory

https://hermes.opensuse.org/messages/14523305

Broken Link

http://projects.puppetlabs.com/issues/13552

Vendor Advisory

Broken Link

http://projects.puppetlabs.com/issues/13553

Vendor Advisory

Broken Link

http://puppetlabs.com/security/cve/cve-2012-1987/

Vendor Advisory

Broken Link

http://puppetlabs.com/security/cve/cve-2012-1987/hotfixes/

Vendor Advisory

Broken Link

http://www.osvdb.org/81308

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2012-1987

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-1987

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-1987

EUVD